Executive Summary: The University of Miami in Ohio has accused two students of hacking into the university's grading systems and changing their grades. The students did this by installing a keystroke logger onto multiple classroom computers that their professors used. The two students were then able to steal their professor's username and passwords and access grading systems to change their grades. The two students were also able to change the grades of over two dozen other students. One of the suspects, Beckley Parker, allegedly changed more than 70 grades. Unfortunately, investigators believe that the security breach had gone undetected for over two years. Along with changing grades, the students were also able to obtain copies of midterm and final exams and used those copies to cheat on the actual exams. The security breach was discovered when one professor noticed that a grade had been changed for one of the suspects from an F to a C. Investigators also noticed that Parker benefited the most from the grade changes.
Analysis: The University of Miami failed to implement basic access controls to prevent this type of security breach from happening. The article mentions that the suspects installed keystroke loggers onto computers that were located in classrooms used by the suspect's professors. The university should have installed covers and locks over their computers in order to prevent anyone from installing a physical keystroke logger onto any of their computers. Furthermore, the university's IT department could have required the professors to use two different passwords for accessing the university's network and for accessing the university's grading systems. Additionally, the professors should be cautious on which computers they access their grading systems on, due to the susceptibility of hackers installing keystroke loggers onto computers accessible to the public. The university could have also implemented two-step authentication for professors accessing grading systems, in which the professors would be required to use a one-time password token along with another password in order to access the grading system. The university has now implemented a program that issues the professors an e-mail when grades are changed for their classes. This is an effective tool to thwart another security breach like this from occurring again. Lastly, the university should physically examine each computer on their campus in order to make sure that no one has tampered with them or added any devices like a keystroke logger onto them.
Executive Summary:
The University of Miami in Ohio has accused two students of hacking into the university's grading systems and changing their grades. The students did this by installing a keystroke logger onto multiple classroom computers that their professors used. The two students were then able to steal their professor's username and passwords and access grading systems to change their grades. The two students were also able to change the grades of over two dozen other students. One of the suspects, Beckley Parker, allegedly changed more than 70 grades. Unfortunately, investigators believe that the security breach had gone undetected for over two years. Along with changing grades, the students were also able to obtain copies of midterm and final exams and used those copies to cheat on the actual exams. The security breach was discovered when one professor noticed that a grade had been changed for one of the suspects from an F to a C. Investigators also noticed that Parker benefited the most from the grade changes.
Analysis:
The University of Miami failed to implement basic access controls to prevent this type of security breach from happening. The article mentions that the suspects installed keystroke loggers onto computers that were located in classrooms used by the suspect's professors. The university should have installed covers and locks over their computers in order to prevent anyone from installing a physical keystroke logger onto any of their computers. Furthermore, the university's IT department could have required the professors to use two different passwords for accessing the university's network and for accessing the university's grading systems. Additionally, the professors should be cautious on which computers they access their grading systems on, due to the susceptibility of hackers installing keystroke loggers onto computers accessible to the public. The university could have also implemented two-step authentication for professors accessing grading systems, in which the professors would be required to use a one-time password token along with another password in order to access the grading system. The university has now implemented a program that issues the professors an e-mail when grades are changed for their classes. This is an effective tool to thwart another security breach like this from occurring again. Lastly, the university should physically examine each computer on their campus in order to make sure that no one has tampered with them or added any devices like a keystroke logger onto them.
Updated Article: Two Miami University students expelled